An End to ‘Security Theater’

Posted on October 5th, 2016

For those who never got the whole ‘selfie’ phenomenon, here’s one good thing that might come out of it. Thanks to emerging technologies, a single picture can eliminate numerous security vulnerabilities. And where the face goes, the voice will follow—voice recognition software is rapidly improving, and becoming more affordable, to the point where easy commands can enhance ease of use even as they reduce the fear of hacking and identity theft.

What we have now is what industry professionals call ‘security theater.’ This is when bank employees make a perfunctory match between a customer’s face and the physical ID, such as the driver’s license. The practice is so routine that we all accept it without thinking, but the reality is that it’s ridiculously easy to get past this step—just ask the average college student who bought beers or went to bars with someone else’s ID.

Now, a generation of companies is using facial recognition technologies to develop far tighter security. And perhaps best of all, while surely easing the way for most customers, it’s financial services providers who might derive the greatest benefits. That’s because the simple act of using the smartphone camera to take and send a selfie could offer a major advantage.

So how does all this work? One player in this space, U.K.-based Onfido, claims to build a trust ‘trust engine’ through facial recognition software that compares selfies and other images embedded in customers’ ID documents to confirm authenticity. And it’s all done in seconds, a quantum leap over the days and weeks now required. To be sure, there’s more than pictures involved, but one critical element builds on recognizing specific characteristics in facial features and the accompanying documents. In essence, this is security without the theater.

Other players include Jumio, which features ‘vision technology’ to verify credentials issued in virtually every country for in real-time web and mobile transactions; Bottomline Technologies, which uses behavioral analytics combined with pre-configured rules to generate alerts, among other offerings; and Mitek, which last year added facial recognition capabilities to its instant ID document verification solution.

And while the face does its thing to enhance security, the voice has been a key factor for a long time, and seems to be getting better. Among other recent developments, Samsung SDS—the conglomerate’s primary IT services arm, just announced an interesting partnership with Sensory Inc., a Silicon Valley venture that’s actually been around since 1994, and is dedicated to ‘improving the user experience through voice and vision technologies.’ With the new deal, Samsung SDS will use Sensory’s TrulySecure software—which doesn’t require specialized hardware or biometric scanners while still offering face and voice biometrics for secure user authentication. Think of the difference this could present for many banking functions.

There’s room for skepticism here—these are technologies that should be commonplace by now, given how much development there’s been, and how mobile tools have been broadly adopted. Yet the staggering popularity of enterprise and consumer mobility has not been accompanied by similar developments in security. A clear majority of institutions and individuals alike still rely on well-worn passwords, which can be forgotten or hacked with equal ease.

That’s why, rather than awaiting a single killer app that accelerates biometric and other forms of forward-thinking security, we should appreciate incremental advances such as these. Our faces and voices, among other characteristics, are still unique. Let’s use them for protection.